Welcome back! Let's start with what AWS is. Essentially, AWS is a cloud service provider. There are other cloud service providers as well; for example, Microsoft Azure and Google Cloud are the famous ones. AWS is a cloud service provider, and its architectural underpinning is based on cloud computing. Cloud computing is so pervasive nowadays that, if we pay a little attention, we can find so many examples of it in real life. I will talk about cloud computing in more detail later in the course. But to give you a general idea, the word "cloud" in cloud computing is used as a metaphor for the Internet. Thus the term cloud computing refers to internet-based computing. In cloud computing, computing resources such as servers, storage, network, and software applications are delivered over the Internet. So now we know that AWS is a cloud service provider. In other words, AWS provides services over the Internet. In broader terms, AWS provides almost all kinds of services, such as infrastructure, platform, software, analytics, machine learning, and many other types of services, over the Internet.

To understand further what AWS is, let's see some interesting use cases of AWS. Did you know how Netflix is streaming videos all over the world with low latency? Netflix is using AWS to achieve its low-latency performance. Have you ever wondered how Twitter is able to scale its distribution of content worldwide? Twitter is using the AWS platform to scale its distribution of content worldwide. Did you happen to know how the NFL is leveraging AI and machine learning to predict and prevent injury in games? The NFL is leveraging AWS machine learning and AI services to predict and prevent injury in games. Now we have seen a few use cases of AWS.

Continuing further on what AWS is, let's talk about AWS in terms of its customers. AWS has over a million customers all over the world. Talking about companies which are using AWS, here are some well-known organizations spending on AWS: Facebook, BBC News, ESPN, LinkedIn, GE, and Apple.

Now, before moving to the next video, let's see how AWS compares with the other cloud providers. This is the Gartner chart of 2020. It gives a clear picture of different cloud providers in terms of completeness of vision and ability to execute. In this chart, the x-axis represents the completeness of vision and the y-axis is for the ability to execute. You can notice Amazon Web Services is the leader on both axes. Microsoft is second and Google is third, and other cloud providers such as Oracle and IBM are way behind. This was a brief about what AWS is. In the next video, we will see the different categories of services AWS offers; as you will see, AWS covers almost all types of services possible. So let's meet in the next video.

Welcome back! In this video, we will talk
about different types of services AWS offers. AWS offers almost all types of services possible. The service categories which we will follow are not in any particular order; they are in an arbitrary order. That being said, let's start. First, AWS offers many services for analytics needs. AWS offers services for augmented reality and virtual reality. It has services in the blockchain category. AWS offers services in the containers category as well, for example, services for setting up Docker. It has many service offerings for database needs on the cloud; in other words, you can quickly set up a database on AWS. It has many services to handle DevOps types of work. It has many services for game development. It has many services in the Internet of Things category. It has many services in the machine learning category, which is a very demanding area nowadays. It has services for quantum technologies. AWS has services for robotics as well. It also has services for satellite-related work. And finally, it has services related to security, identity, and compliance types of needs.

Welcome back! Now we have got a good understanding
about what AWS is and the types of services it offers. Let's try to understand AWS's advantages, which will help us rationalize why AWS has become such a popular and useful platform in the computing world. One of the advantages is that AWS services, or any cloud services for that matter, are available over the Internet, which is a huge advantage as we don't have to buy or maintain any special hardware to use AWS. Another advantage is cost savings. AWS's pricing model is based on pay-for-what-you-use. This cuts down cost a lot in many use cases, particularly in use cases where we don't need to fully utilize the bought resources; in other words, where resources are idle for the majority of the time.

Let's see some use case examples to get a better idea about the cost savings advantage. Say our business sells gift items related only to Valentine's Day. Then, running our online store on high-end web servers with auto scaling and a load balancer throughout the year, we would find it difficult to make a profitable business. On the other hand, if we can leverage AWS, we will only pay for the services we use, thus having a potentially profitable business. Leveraging a cloud computing platform such as AWS with the pay-for-what-we-use pricing model saves hugely in cost, as we only pay for what we use. This pay-for-what-we-use pricing model is very cost-effective and is becoming the new paradigm in the computing world. In another example, suppose we need some special servers to work on some urgent proof of concept (POC) type of work to add some features to our product which our competitor doesn't have. And say, after the POC is complete, we don't need the computing resources. In this business use case, instead of buying and setting up the servers, if we can leverage AWS, we will only pay for the services we use, which is the price for running the virtual servers on AWS. So using AWS would lead us to cost savings. Additionally, it saves time as well, since setting up networking, security, permissions, etc. is relatively much easier and more robust on AWS.

Not only does it save cost, it's also easy to use. With AWS, we can provision and manage all sorts of computing resources with various choices: the AWS web console, AWS mobile apps, the AWS command-line interface, and AWS APIs. For example, we can provision a virtual Linux machine on demand within a few minutes. De-provisioning is also very similar; we can de-provision or unwind provisioned resources in a similar fashion to how we provisioned the computing resources. To recap the AWS advantages: it's available over the Internet, so no extra setup is required to use AWS; it saves cost and time; and it's easy to use.

So let's summarize, at a high level, what AWS is. Having over a million active customers all over the world, all kinds of cloud services readily available over the Internet, a pay-for-what-you-use pricing model, and ease of use, AWS has become not only a secure, modern platform to build, deploy, and run almost all kinds of software applications, but also one to procure, deploy, and manage IT infrastructure, with time and cost efficiency. Today AWS provides highly reliable, scalable, and low-cost cloud services, and thus has become a very popular and useful computing platform.

Welcome back! Many of the AWS certification exams
are designed for AWS developers who have hands-on experience working with AWS. That being said, you will need an AWS account in order to have working experience with AWS services. In this video, we will learn about opening an AWS account and setting up a budget alarm.

Let's go to aws.amazon.com and click on create an AWS account; this will take you to the signup page. Here, enter an email address; please make sure you provide the correct email address, as this will become your AWS user ID. Enter a password and re-enter the password. Provide an AWS account name; this will be used on AWS billing, and you can change it later. Then click on continue. On this page it asks if this account is for business or a personal account. I will select personal, as I'm setting it up for my personal use. If I were creating an AWS account for my organization, I would select business. Now here I will enter details: full name, phone number, and address. Then I will check the customer agreement checkbox. You can read the details before checking the checkbox. Then I will click on the continue button. On this page, I will enter billing information and then click on verify and continue. This will take you to the page where it asks for a mobile number or voice call for verification. I will check the text message option, so I need to enter a phone number. Enter the captcha, which helps identify if a bot is trying to create an account, and then click on send message. On the next page I will enter the code which I got on my mobile. Okay, it's verified. Now on this page, it asks which type of support plan you would like to have. Mostly, for learning or trying out services to prepare for certification exams, the basic support option is sufficient, as it is free. Essentially, in the basic support plan, you will leverage AWS documentation to get help if you get stuck. In my personal experience, the basic support is fine for learning or preparing for certification exams. You need the developer support option if you need to contact someone at AWS to get support to help solve your AWS issue. Essentially, in this option you create a support ticket and your ticket will be handled by the AWS support team. The business one is used by businesses which are using AWS to get help on their AWS issues. Now your account is set up and you can log in.

The very first thing you will do is set up a budget alarm to help keep your AWS bills within your budget. For preparing for AWS certification exams, you'll be mostly using services given in the AWS Free Tier. AWS Free Tier is a feature provided by AWS to try out and learn AWS services free of cost for some time. However, in some cases the Free Tier will not be sufficient. For example, my AWS bill for preparing for the certification exam was around $15.00. That being said, let's go ahead and set up the budget alarm. In the search bar type billing; this will take you to the billing dashboard. Here click on the budget link and you will get the AWS budget page. Click on create budget. Here select the budget type, which is cost budget. Click next, and for the period I will select monthly, and for the budget effective date I will select recurring. I will set the starting month, and for the budget amount I will enter one dollar. Once again, typically for preparing for AWS certification exams you will be mostly using services given in the AWS Free Tier. However, in some cases the Free Tier will not be sufficient, for example, if you would like to try out services which are not in the AWS Free Tier. So by setting a budget amount, you make sure to get some sort of notification, such as email or text, depending on what you have configured. This will help you to keep your AWS bills within your budget. Next, enter the budget name and enter the threshold. I usually enter 80 percent. Now enter the email where you will get the notification. Please make sure you provide the correct email address. Click on create budget, and your AWS budget will be created. So with this budget set up, you will get an email notification if your bill is exceeding the threshold which you have set up.

Welcome back! This video talks about free,
which is considered to be a powerful word in sales and marketing. In this video we will get an understanding of AWS Free Tier, as you can learn or practice many AWS services free of cost by using AWS Free Tier. So what is AWS Free Tier? AWS Free Tier refers to limited free use of the AWS platform and services. AWS Free Tier is offered as a means for new users to gain free hands-on experience with the AWS platform and services. You can learn a lot about AWS using its services in the Free Tier. There are three types of offers available in the Free Tier. The first one is always free. Always free offers do not expire and are available to all AWS customers. The next is 12 months free. In this type of offer, you will get 12 months free after initial sign-up with AWS. And the last one is trials. In this type of offer, you will get short-term free trials, which start from the date you activate a service.

Now let's visit the AWS Free Tier page to find out more details about it. Let's go to google.com and search for AWS Free Tier. Here, select the link which says AWS Free Tier, and select the one which says aws.amazon.com, as this is the URL of AWS. So now we are on the AWS Free Tier page. The first thing, if you notice, is that it talks about types of offers, and it says explore more than 100 products and start building on AWS using the Free Tier. And then it talks about three different types of offers. The first one is always free, which do not expire; the next one is 12 months free, which is free for 12 months following your initial sign-up date to AWS; and the last one is trials, which are short-term free trial offers that start from the date you activate a particular service. Now the question is, how will you know which services are in the Free Tier and of which type? You can use the filter-by clause given on this page. For example, if you are looking for services which are 12 months free, you check the 12 months free box and you will get the services which are free for 12 months. In the same way, if you're looking for services which are always free, you check the always free checkbox and you will get the services which are always free. The same concept applies for trials as well: if you check the trials checkbox, you will get the services which are free on short-term trials. One important point to note is to read the details about what is included as free in the service. For example, Amazon S3 is in the Free Tier and it is 12 months free, and it says you will get 5 GB of standard storage, 20,000 GET requests, and 2,000 PUT requests. Now if you scroll down on this page, there is an FAQ section and there is a billing section and some related stuff. So you get the idea that, by providing different types of free offers, AWS is encouraging its customers to learn its services.

In summary, AWS Free Tier enables its customers to acquire practical knowledge about the AWS platform and services by reducing the cost of learning, and there are three types: always free, short-term free trial, and 12 months free. In my experience, 12 months free is a very common one, as you will experience when you start using AWS services.

Welcome back! This is an important topic. In this
we will talk about best practices for the AWS root account, which is very important for the security and safety of your AWS root account. Before getting to know the best practices for the AWS root account, let's try to understand why this topic is important. Let's google AWS account compromise. Right, so we are getting so many results, but I would like to share this one with you. Let me open a new window and go to this URL. The story is "I was billed for 14,000 USD on Amazon Web Services". You can read about it, but in short, he checked in AWS credentials on GitHub, which led to the hacking of his AWS account. The hacker launched EC2 instances, and he was billed for around 14,000 USD. The good news is that the AWS support team was helpful in resolving his issue. The key point to note from this story is to keep your AWS root account extremely secure and not leak or expose your AWS account password and access key.

Now let's go through the AWS best practices for the AWS root account. Here are the best practices: do not share your root account and password with anyone; secure your root account with multi-factor authentication; and do not use the root account user ID to log in, as this is a highly privileged account. Using the root account for regular use can increase the security risk of the account. That being said, create another account and use that account for regular use. The key takeaway is to keep the AWS root account, or any AWS account for that matter, extremely secure and not leak or expose your AWS account password and access keys. With that, let's meet in the next video, where we will learn how to secure your AWS account by adding additional protection, which is called multi-factor authentication.

Welcome back! In this video
I will show you how to add multi-factor authentication to increase the security of your AWS account. Let's log into AWS, and now click on My Security Credentials, which is under your account name, then click on Multi-factor authentication, and then click on Activate MFA. Here there are three choices. I think it's better to go over all these choices in brief to have a better rationale for the appropriate selection. In AWS you can assign MFA to a user account in three ways: the first one is a virtual MFA device, the next one is using a U2F, or universal two-factor, security key, and the third one is using a hardware MFA device.

Now, the first one is the virtual MFA device. It's easy to set up: you can install authenticator apps such as Google Authenticator, 1Password, or Microsoft Authenticator on your mobile device and use the code generated in the app to log in along with the password. Now the question is, how secure is it? It is secure, but it also has potential for security risk, though it is not as weak as using SMS for MFA. As you know, SMS is another two-factor authentication mechanism, but in SMS, text is transmitted unencrypted.
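How an authenticator app produces its codes, as an added example that is not part of the course: the code is computed on the device from a shared seed and the clock (RFC 6238 TOTP, the scheme AWS documents for virtual MFA devices), so unlike an SMS code it is never sent to the phone. It assumes the RFC defaults (HMAC-SHA1, 30-second step, 6 digits); the seed is the RFC test key, and `check_enrollment` is a hypothetical server-side check for the two consecutive codes entered later in this video, not AWS's implementation.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # RFC 6238 default time step (assumed)
DIGITS = 6          # code length shown by authenticator apps (assumed)

# Constructed seed: the RFC 6238 test key, base32-encoded the way an
# authenticator QR code carries it. Never use it for a real account.
SAMPLE_SEED_B32 = base64.b32encode(b"12345678901234567890").decode()


def decode_seed(seed_b32: str) -> bytes:
    """Decode a base32 seed, tolerating spaces, lower case and missing padding."""
    cleaned = seed_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(seed: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(seed: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(seed, unix_time // STEP_SECONDS)


def check_enrollment(seed: bytes, code1: str, code2: str,
                     server_time: int, window: int = 2):
    """Hypothetical enrollment check (not AWS's code).

    Accept only if code1 and code2 are the codes of two adjacent time steps
    within +/- `window` steps of the server clock. Returns the device clock
    drift in steps, or None when the pair does not verify. Two codes prove
    the device holds the seed and show how far its clock is off.
    """
    now = server_time // STEP_SECONDS
    for drift in range(-window, window + 1):
        step = now + drift
        if step < 0:
            continue  # counters are unsigned; skip steps before the epoch
        first_ok = hmac.compare_digest(hotp(seed, step).encode(), code1.encode())
        second_ok = hmac.compare_digest(hotp(seed, step + 1).encode(), code2.encode())
        if first_ok and second_ok:
            return drift
    return None


if __name__ == "__main__":
    seed = decode_seed(SAMPLE_SEED_B32)
    t = 59  # constructed timestamp taken from the RFC 6238 test vectors
    first, second = totp(seed, t), totp(seed, t + STEP_SECONDS)
    print("consecutive codes:", first, second)
    print("drift in steps:", check_enrollment(seed, first, second, server_time=t))
```

Anyone who can read the seed can compute every future code, which is why the seed stored in the app and the QR code shown at setup need the same protection as a password.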
So as you can see, SMS is weaker compared to an authenticator app for MFA. There is an interesting blog about Google Authenticator, about how secure it is. If you scroll down there is a paragraph, and it says that the drawback of Google Authenticator that a reader pointed out is no passcode or biometric lock on the app, and the ease of access to the app seems to allow malware to steal 2FA codes directly from Google Authenticator, giving you yet another reason to dump the app. As you can see, based on this blog, Google Authenticator is not extremely secure. So if you need very strong security, then a virtual MFA device may not be the right choice for you.

Now let's see the other option, which is universal two-factor MFA, in brief. So U2F is a sort of form of universal two-factor. With authenticator apps, while it's safer than two-factor authentication via SMS, it's not as secure as using a universal two-factor device. U2F is a type of MFA device. Once you enable it using the instructions that follow, you just tap on the device when prompted to securely log in. Tapping helps make sure some human is logging in, not a robot. Basically it is based on RSA, which, as you might know, is public-private key cryptography. But the concept is very cool: the U2F device key and the hardware of the computer are used to generate keys. If someone gets your U2F device, they can't use it to log into your site, as nothing is stored on the U2F device. They can, however, use that device for themselves to log into sites, but not on your site. The only drawback is that if you lose your device, then you need to have some backup system to log in.

The last option to use MFA in AWS is using a hardware MFA device. The concept is very similar to SecurID, if you have used it: you register the device and then, when prompted, enter the token generated on the device. I will not go into detail as this is beyond the scope of this course, but you can read about it on the web. I will share a link I found worth going through if you are interested to know about this option in more detail.

So now you have the idea of all three options. As you can see, the first one is relatively not as secure as the other two are, but the first one is quick and easy to set up: just install any MFA authenticator app on your mobile or computer and you are ready to use MFA using a virtual device. So I will click here on Continue. Next, since I already have Google Authenticator installed, I will scan the code. Let me scan the code. So first I have to click on Show QR code, and then let me scan the code. Since I already have Google Authenticator installed, I can scan the code. Okay, the code is scanned. So now, here it asks about two consecutive MFA codes, so let me add two consecutive codes here. Okay, now I'll click on Assign MFA, and now it says that you have successfully assigned virtual MFA. What has happened is that MFA has been added to my root account, right? So my account is relatively much more secure than just having a password. So I think with this demo you understood how to assign multi-factor authentication using a virtual device to your AWS account. With this, we will meet in the next video, where I will show you how to create an AWS user, and I'll show you how to create access keys, which are required to access AWS programmatically.

Welcome back! In this video you will
learn how to create an IAM user and how to generate the secret key and access key, which are required to access AWS programmatically. You will also learn how to attach a policy to an IAM user and how to delete an IAM user. These are very useful and important topics, so let's go straight to the AWS Management Console to log into AWS and create an IAM user. So I'm on the AWS Management Console. Let's log into the AWS account: click on Sign in to the Console. So I'm logged in. If you notice, since I was already logged in earlier, the browser got the login details from the cookie directly. In your case you may have to enter your user ID, password, and MFA, if you have set up MFA. Okay, since I need to add an IAM user, I need the IAM service, which is the Identity and Access Management service. A quick way to find the service is to type the service name in the search area, and that way you can get the IAM service, or you can find it from the recently visited services. For example, you see that the IAM service is listed here because I have used it earlier. Since I would like to show you how to search for services as well, I will use the search bar. So I will type IAM here and then click on IAM. Okay, now I am on the IAM service homepage. Whenever you need to create an AWS user, you will use the IAM service. In AWS, to create any user you will have to use the IAM service. Okay, click on Users. I already have a couple of users here. I will click on the Add users button to add a new user. Enter the username; I will give this user a John Doe user ID. This is just a demo user to show you how to add an IAM user; I will delete this user later. Okay, the next is to select the AWS access type. I will check both boxes. The first one is for programmatic access. Checking this option will also generate and enable an access key ID and secret access key. These keys are needed if you need to interact with AWS programmatically using the AWS API, CLI, SDK, and other development tools. For example, you need these keys if you are using the AWS CLI, which is the AWS command line interface. The AWS CLI is primarily used by AWS DevOps engineers. These keys are also needed if you are using the AWS SDK, which is the AWS software development kit. The AWS SDK is primarily used by AWS developers who are building software using AWS APIs. Okay, the main point here is that if you are adding a new user, and if this user will have an AWS developer or DevOps type of role, have the programmatic access option checked. Okay, so I will check this option. The other one is for AWS Management Console access. This is a very typical and common way to access AWS, and most AWS users are comfortable with this option, so it is okay to have this option checked in most situations. So let me check this option. Okay, the next option is about the console password, which will be used for this user to log into the AWS Management Console. Please note, when using the AWS API you will be using your account access keys, which are the AWS access key and AWS secret key. Okay, I will have this option checked. If you're an admin and creating a user for someone else, usually you will use this auto-generated password and have this option checked. You can also add a custom password, meaning not an auto-generated one.
Next is the require password reset checkbox. I will leave it as it is, meaning checked; that way AWS will force creating a new password at the next sign-in. Okay, click on the Next button, which is about permissions. Here click on Attach existing policies and select the AdministratorAccess policy, so that this new user will have admin access privilege to this account. AWS has many existing policies, as you can see here, which you can attach to an IAM user. So what is an IAM policy? An IAM policy is a set of IAM permissions. The AWS IAM policy is a typical software engineering pattern related to user management. Using this concept, instead of assigning each individual permission separately, you create a policy, assign permissions to that policy, and attach that policy to the user. So the policy abstraction, as an indirection, makes permissions management easier for a user. Okay, so let's move on; I will cover IAM in much more detail in the IAM lesson. Next, click on Tags. I'm not creating any tag for this user, as this is optional. Basically you can add here the user's email address, job title, etc. Okay, next click on the Review button. If you notice here, the user name, AWS access type, console password type (auto-generated), all these things that we did are mentioned here. The important thing here is that there are two policies attached to this user: one is AdministratorAccess, and the other is the IAMUserChangePassword policy. Why has this come? Because it is added as we chose the option for the auto-generated password. Okay, next click on the Create user button. Now the user has been created, as you can see. Since I selected programmatic access, the access key ID and secret access key are generated here, and since I selected the option for the auto-generated password, the user password is generated as well. Okay, I will note down the password and download the access keys. The newly created user will also get an AWS Management Console URL, as you can see here, since this user is created with Management Console access as well. Okay, so this URL is also provided by AWS here. Let me copy this URL, and let me close this, since this user has been created. So now, as you can see, this user has been created. Now let's see if it works. Okay, so I'll open a new tab and paste the URL for this user. Here I have to enter the IAM username, which is John Doe, and I will enter the password which was auto-generated. Let me enter the password here. Okay, as it was an auto-generated password, it is asking to change the password. First I will enter the old password, meaning the existing password, and then I will enter the new password. Okay, confirm password change. As you can see, this user was successfully able to log in. Okay, so this is what I logged in as. Now suppose that you would like to delete this user. Go to the IAM service again, and this time I will select the IAM service from here, and then I will go to Users. You can see the John Doe user is listed here. Next, select this user and click on Delete, and now enter this user ID here and click on Delete, and you can see that the user John Doe has been deleted. Okay, I think now you understood how to create an IAM user and how to delete an IAM user.

Welcome back! So far you have seen
I'm accessing AWS using its UI. This UI is called the AWS Management Console. The AWS Management Console is a very powerful UI. In fact, we can perform many AWS operations on the AWS platform without doing any programming or having to know its low-level APIs. That being said, if you are a developer or DevOps, just accessing AWS using its UI would be a little less than what you may be looking for. I think you would be interested to know if AWS can be accessed in other ways as well. Well, AWS can be accessed in three ways. One is the AWS Management Console, which you've already seen, which is basically the AWS UI. The other one is using the AWS CLI, which is the AWS command line interface. The AWS CLI is very useful for DevOps engineers who would like to access AWS from the command line to be more productive or to automate back-end processes, such as launching or terminating AWS services, without using its management console. And the other one is using the AWS SDK, which is the AWS software development kit. The AWS SDK is very useful for AWS developers who would like to develop programs on the AWS platform using its APIs. For example, if you would like to develop a chat application on AWS, you would leverage the AWS SDK in that case. AWS has SDKs in almost all mainstream programming languages: it has SDKs in Java, Python, Node.js, .NET, Ruby, PHP, C++, and Go, and JavaScript as well. The AWS SDK is used mainly by AWS developers. I think you got the general idea now that AWS can be accessed not only using its management console but also using its CLI and its SDK.

Welcome back! This video is about
aws global cloud infrastructure which is the backbone of aws now let's go to
the aws global cloud infrastructure web page to get more detail about it so this is the
web page of aws global cloud infrastructure as you can see here it says that it is most
secure extensive and reliable global cloud infrastructure for all your applications right
so the important point here is that whether you need to deploy replication workloads across the
globe in a single click or you want to build and deploy specific applications closer to your
end users with single digit millisecond latency right this is important point with single digit
millisecond latency it is provides you the cloud infrastructure where and when you need it right so
you can read uh for the detail on this webpage but we'll shortly visit some of this part okay so to
revise the aws global cloud infrastructure is the most secure extensive and reliable cloud platform
it offers over 200 services as of this recording it not only allows you to deploy replication
across the globe by single click but it also allows you to build and deploy specific
applications closer to your replica end users with single digit millisecond latency it helps million
active customers from virtually every industry to build and run every imaginable use case on aws so
this was a high level overview of aws global cloud infrastructure now we'll look into some other
important concepts which are very much related to aws global cloud infrastructure so first
important concept to understand is aws reason so what is aws reason aws has concept of reason
which is a physical location around the world where aws has clusters of data centers so
basically aws reason is a physical location which has cluster of data centers as you can see
in this diagram this aws region has three clusters of data centers one cluster is here and second
crystal data center is here and third cluster data center is here and these clusters of data
centers are connected to one another okay so let's go to aws global cloud infrastructure webpage to
see some examples right so as you can see on this map the blue circles um are the aws reason and red
circles are coming soon right so let's start with north america so we have a region in northern
virginia we have reason in northern california we have aw season in south pole of brazil let's
go to australia we have reason in sydney let's go to south africa we have aws reason in cape
town let's go to some european countries we have reason in ireland we have a series in um
london uh we have italy citizen in paris in in frankfurt germany milan we have spain coming soon
let's see here we have the native region in tokyo this is a middle eastern country bahrain and
uh uae coming soon and now in india we have the native series in mumbai and it is in hyderabad
coming soon so so you get the idea right so aws has reason all across the world right um again
the reason is basically cluster data center so whenever you hear it is the reason you have to
think about that okay uh it's a cluster of data centers that's the whole concept so i think you've
got the high level understanding of aws reason now next uh another important concept in aws is aws
Availability Zone. It is also called AZ for short. So, as we discussed earlier, AWS has clusters
of data centers in multiple locations around the world, and the location containing
clusters of data centers is called an AWS Region. That being said, an individual discrete cluster of
data centers is called an AWS Availability Zone. Right, another way to understand it is that an
Availability Zone is one or more discrete data centers with redundant power, networking,
and connectivity in an AWS Region. So let's go to the AWS global infrastructure page
to get more detail about AWS Availability Zones. As you can see, for instance, the Northern Virginia
Region has six Availability Zones, okay, and the Northern California Region has five
Availability Zones. Similarly, Sydney has three Availability Zones, and let's go to London and
see: it has three Availability Zones. Right, so let's simplify a bit. In an AWS location, or in
an AWS Region, there are clusters of data centers spread across the location, and an individual
discrete cluster of data centers is called an AWS Availability Zone. The AWS Availability Zones in a
Region have connectivity with one another. Okay, so these Availability Zones are connected with one
another. To strengthen the concept further, I would like to share this point: a common misconception
is that a single zone equals a single data center. In fact, each zone is backed by one or more
physical data centers, with the largest backed by five. While a single Availability Zone can span
multiple data centers, no two zones share a data center. Right, okay, so I hope you feel comfortable
now with the AWS Region and AWS Availability Zone concepts. Another concept related to AWS global
cloud infrastructure
is AWS Local Zones. AWS Local Zones are a type of AWS infrastructure deployment that places AWS
compute, storage, database, and other select services closer to larger populations. Let's go to the
AWS Local Zones webpage to get more of an idea about it. So this is the web page about AWS Local
Zones, and here it says that AWS Local Zones are a type of AWS infrastructure deployment that places
AWS compute, storage, database, and other select services closer to larger populations. With AWS
Local Zones, you can easily run applications that need single-digit millisecond latency
closer to end users in a specific geography. This is an important line, actually: with AWS
Local Zones, you can easily run applications that need single-digit millisecond latency
closer to end users in a specific geography. AWS Local Zones are ideal for use cases
such as media and entertainment content creation, real-time gaming, live video streaming, and machine
learning inference. So the key takeaway is that if you need single-digit millisecond latency closer
to your end users in a specific geography, look for AWS Local Zones. Another important concept
is AWS Wavelength, which is an AWS infrastructure offering optimized for mobile edge computing
applications. Okay, so let's go to the AWS Wavelength webpage to get more of an idea about it. So
this is the AWS Wavelength web page. Here it says that AWS Wavelength is an AWS infrastructure
offering optimized for mobile edge computing applications. Wavelength Zones are AWS infrastructure
deployments that embed AWS compute and storage services within communications service providers'
data centers at the edge of the 5G network. This is the key point: application traffic from 5G
devices can reach application servers running in Wavelength Zones without leaving the
telecommunications network. This avoids the latency that would result from the application traffic
having to traverse multiple hops across the internet to reach its destination, enabling customers to
take full advantage of the latency and bandwidth benefits offered by 5G networks. So you can read
more detail about it. The key takeaway is that if you are deploying applications to
leverage 5G, look for AWS Wavelength. So I think you've got a good understanding
of AWS global cloud infrastructure.

Welcome back. In this video you will
learn how to create an EC2 instance and install a web server. You will also
learn how to SSH into an EC2 instance. But before launching the instance, let's go to the
EC2 web page to get a high-level idea about EC2. I'm on the EC2 home page. The first important thing
to notice is that it is a shorter form of Elastic Compute Cloud. Now let's see what it does: it is
a web service that provides secure, resizable compute capacity in the cloud. Okay, in this
line, let's parse some keywords or phrases to get a good idea about EC2. Okay, the first is web
service. What it means is that you can access the EC2 instance using an HTTP endpoint. Okay, the
other important word in this line is secure. What it means is that you can control inbound
and outbound traffic to the EC2 instance. Okay, the other important phrase is resizable
compute capacity. What it means is that the EC2 instance has an auto scaling feature, and using
the auto scaling feature you can let EC2 instances scale up or down based on various metrics
such as CPU utilization or I/O throughput. On this EC2 web page, I would like to
bring your attention to these four points: you can launch over 400 different types of EC2
instances; AWS is the only cloud provider that supports macOS; you can launch EC2 instances in
25 Regions and even Availability Zones worldwide; and you have a choice of Intel, AMD, and Arm-based
processors. You can read the rest of it, but I think this much basic knowledge
about EC2 is sufficient for this topic. We will cover EC2 in more detail in the EC2 lesson.
Okay, now let's head over to the AWS Management Console to launch an EC2 instance. I'm on the AWS
homepage. Let's log in to the AWS Management Console. So I'm logged in. Go to the EC2 service by
either typing EC2 in the search bar or selecting EC2 from the recently visited services, if it is
shown. I'm going to type EC2 in the search bar, okay, and I will select this EC2. So now I
see the EC2 dashboard. As you can see, in my account one instance is running. At the top
right you will see your account name. Next is your default Region; in my case it is Northern
Virginia, which has the Region code us-east-1. In your case, your default Region could be
different depending on your location. Okay, since I'm launching an instance, I will click on
Launch instance. Next is to select an AMI, which is an Amazon Machine Image. By default, all AMIs are
listed. You can search for Linux, Windows, or Mac AMIs here. Now let's search for Windows to
just check out all the Windows AMIs. As you can see, these are the
Windows AMIs available on EC2. Right, and you can launch a Mac type
of EC2 instance as well, so let's search for Mac. Okay, as you can see, there are three Mac AMIs
available. Okay, now since I will be launching a web server on a Linux machine, let's search for
Linux. As you can see, there are so many options here. The question is which one I should choose.
Right, the first deciding factor for me is that I'm looking for a free tier instance, as I'm
not looking for any high-end configuration; just minimal RAM and hard disk is okay
for me. So this one is a likely choice. But the next deciding factor for me is that, since
I'm launching a Linux virtual machine on AWS, I would look for an Amazon Linux AMI. Why an Amazon
Linux AMI? Usually it's a good idea to use an Amazon Linux AMI because you get additional features
related to AWS already set up. For instance, if you need to run AWS CLI commands on the launched EC2
instance, you don't need to install the AWS CLI separately. Okay, so that being said, I will select
the Amazon Linux 2 AMI, which is free tier eligible, so it will have the AWS CLI and AWS-related
configuration already set up. Okay, and 64-bit x86 is okay, so let me select here. Okay, now here I
will select t2.micro, as it is free tier eligible. t2.micro is an instance type. Okay, so what is an
instance type? AWS has an EC2 instance categorization based on combinations of CPU, memory, storage,
and networking capacity. t2.micro is one of the instance types. Right, there are other instance
types as well; you could see here t2.medium, t2.large, t2.xlarge, right, and they all have varying
CPU, memory, and instance storage. Okay, so click on Next: Configure Instance Details. Here the
default is
okay. The only thing I will add here is a couple of Linux shell commands in
the user data to install the web server. Right, one thing I wanted to mention here: for
this Region there are six Availability Zones. Right now, since I'll be launching
one instance, it doesn't matter which Availability Zone I choose, but if I were to
choose, I could, say, choose this us-east-1a. Right, now come to user data. So what is user data?
Let me copy and paste the shell commands here first. What is user data? You can specify user data to
configure an instance or run a configuration script during launch. The one advantage of
user data is that you can launch more than one instance at a time, and the user data is
available to all instances in that reservation. Okay, so right now I'm launching only one instance.
Suppose I were to launch three instances: I have to place this user data script in just one
place, and all three instances will get it from the user data section. Okay, let me set this to
one, because I'll be launching one instance. Okay, now let's go through each line to understand what
it is. In the first line, I'm saying that I will be using the Bash shell. The second line says to
update the OS. It's always a good practice to update the OS in case a new security patch
has been released but is not available in the AMI that you are using, which could
lead to a potential security risk. Right, so it's good practice to always do a yum
update when you start your Linux machine. Okay, the third line is about installing the HTTP web
server, and the last line is about starting the web server. Additionally, whenever this EC2 instance
stops and starts again, the httpd daemon will be started as well, meaning the web server will be
started automatically at server startup. Okay, next click on Add Storage, and eight gig is okay
here. Okay, next click on Add Tags. I'll just skip it because this is an optional section. Next is
Configure Security Group. So what is a security group? A security group is a mechanism to control
inbound and outbound connections to the launched EC2 instance: for example, what type of traffic
and which sources are allowed to make a connection to this launched EC2 instance. Is an inbound FTP
connection allowed? If allowed, is it allowed from all IP addresses or from selected IP addresses?
You get the idea, right? And with regard to default settings, no inbound connection is allowed to
the launched instance, and by default all outbound connections are allowed from the launched EC2
instance. Okay, that being the case, I need to set up inbound connections for this instance. Okay, so
I'll create a new security group, and let me name this security group. Let me add a description also;
it's a good idea to put a description, as someone going through it will know what the security group
is all about. Okay, now I'll change the source IP so that an SSH connection can only be made from
my machine. So I will change the source to My IP; that way an SSH connection can be
made only from my machine. Secondly, I need to open the HTTP connection port for the web server, so I
will click on Add Rule, and I will select HTTP as the type, and for the source, I'd like my web
server to be accessed from anywhere, so I will change the source to Anywhere. Okay, now we'll click
on Review and Launch. For me everything is fine; let me click on the Launch button. Here it is asking
about a key pair. You need a key pair to make an SSH connection to the launched machine, so I will
create a new key pair here. Let me give a name to this key pair, then click on Download Key Pair. You
need to download the key pair, otherwise you will not be able to make a connection. So download the
key pair and click on Launch Instances. Now you see the message; it is saying that your instances
are now launching. Okay, you can click here to view instances. It is not showing any name, so let me
give it Apache web server test. Okay, that way I will know that this is the instance
that we are launching. Okay, now the next thing is that we need to test
whether the web server has been installed correctly or not. How to test it? Right, I
can click here, and by default it adds https, but since I have not opened HTTPS, it won't work.
So let me remove this s here. Now it should be fine. As you can notice, we got the Apache web server
test page. So now, next, let's see how to make an SSH connection to the EC2 instance from the
local machine. Okay, so let me open a new window. I will go to the temp directory; from this
directory I'll be doing all the operations, et cetera. So let me copy the EC2 key pair that I
downloaded into this directory. Okay, so as you can see, I got this key pair in this temp directory.
Now, the next thing: we need to change the permissions of this key file to ensure that the key is not
publicly viewable. Right now you could see that the owner has read and write, and there are read
options for group and for others as well. Right, so we need to change it so that it is not publicly
viewable, meaning all other people cannot read it. So I'll do that: you do chmod 400 and
the file name. Okay, now if you do ls -l, you could see that the read or read-write
option has gone for other users. So now this key is not publicly viewable.
Okay, now connect to the launched EC2 instance. What you'll do: you say ssh -i and the key
pair name. Okay, next, you will give ec2-user, which is the default user name for the Amazon Linux
AMI, and then the public IP address of the machine, and press Enter. You'll say yes. Now, as you
can see, I am on the launched EC2 instance. Okay, you can do ls here. Now let's go
to the directory where we have the server installed. Okay, ls; right now there is no file. Let me
add a test.html file and let's just put here... sorry, we have to do sudo, actually. Okay, page.
Okay, save it. Now let's go and check whether this HTML page is available or not, whether you can
see this page or not. Now, this is the main URL for the web server that we launched. Let me
add this test.html to see whether we are getting that HTML file here or not. So as you
can see, we got the result, "this is my test home page". Right, so this is how you will connect
to your EC2 instance and make whatever changes you want. Right, now another thing: suppose that
you are not on your machine, right, a Mac machine or whichever machine you have
configured to have an SSH connection. Right, you can also make an SSH connection directly from the
browser. So if you click here on the Connect button, and here the public IP address is fine and the
user name is ec2-user, and let's click on Connect. Right now it is failing because I have
allowed the inbound SSH connection from my machine only. Right, so that's the reason it is failing.
So let me first go and change the security group. This is the security group that we had.
Click on Inbound, and let me make the change here to SSH: click Edit inbound rules, and here let me
change it to Anywhere, though I will not suggest it, but sometimes you may need it if
you are not available on your local machine and would like to make a change remotely from anywhere
else. Right, so in that case this option is helpful. Okay.
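
As an added example (not from the video), the inbound rules chosen in this walkthrough can be checked mechanically: the script below reads security group data in the shape that `aws ec2 describe-security-groups` returns and flags any rule that exposes SSH (port 22) to Anywhere, while leaving the public HTTP rule alone. The group IDs, names, addresses, and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# IDs and names are made up; 203.0.113.0/24 is a documentation address range.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "GroupName": "web-ssh-my-ip",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0bbb2222", "GroupName": "web-ssh-anywhere",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc3333", "GroupName": "all-traffic",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")


def rule_sources(rule):
    """Return every IPv4 and IPv6 CIDR listed as a source on one inbound rule.

    Rules whose source is another security group (UserIdGroupPairs) carry no
    CIDR and are therefore never reported as open to Anywhere.
    """
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return cidrs


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0, which the console labels 'Anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers_port(rule, port):
    """True if the rule admits TCP traffic to `port`.

    Handles the two cases a single-port comparison misses: port ranges that
    contain the port, and IpProtocol "-1" (all protocols, all ports).
    """
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit(groups, admin_ports=(22,)):
    """Return (group_id, port, open_sources) for admin ports open to Anywhere."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            open_sources = [c for c in rule_sources(rule) if is_world(c)]
            if not open_sources:
                continue
            for port in admin_ports:
                if covers_port(rule, port):
                    findings.append((group["GroupId"], port, open_sources))
    return findings


if __name__ == "__main__":
    for group_id, port, sources in audit(SAMPLE["SecurityGroups"]):
        print(f"{group_id}: port {port} reachable from {', '.join(sources)}")
```

The first sample group matches the initial setup in the walkthrough (SSH from My IP, HTTP from Anywhere) and produces no finding; the second matches the later change of SSH to Anywhere and is flagged.
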
So make the change: you say Save rules, and now go to Instances, select the instance, and say
Connect. The rest of these options are okay. Let's click Connect, and you see I got connected here.
Right, this is how you will make an SSH connection from
the AWS Management Console. Okay, now you
can stop the instance, you can reboot the instance, you can terminate the instance. Right,
I usually terminate an instance if I don't need it. Let me terminate this instance and say
Terminate. Okay, we refresh here just to show you, and now this instance is shutting
down and ultimately it will terminate. Okay, so in this video you saw how to launch
an EC2 instance and set up a web server, then you saw how to make an SSH connection to the launched
EC2 machine both from the local machine and from the AWS Management Console, then finally
you saw how to terminate the launched machine.

Welcome back. This video is about an introduction
to S3, which is an AWS storage service. S3 is a very popular AWS service. We will cover it in
detail in the S3 lesson, but before that, let's go to the S3 homepage to understand what S3 is. Okay,
so I'm on the S3 home page. The first noticeable point about what S3 is, is that it is object storage
built to store and retrieve any amount of data from anywhere. And S3 is the abbreviated form of
Simple Storage Service, which means S3 provides a set of APIs to store and retrieve data on the cloud.
Okay, essentially AWS services are sets of APIs. So let me read this line further, because
this line essentially carries the essence of what S3 is. Okay: Amazon Simple
Storage Service is an object storage service that offers industry-leading scalability,
data availability, security, and performance. So here is my take on this line: if we can
understand the phrase object storage, and scalability, data availability, security, and
performance, then we will have a fairly good conceptual understanding of what S3 is. Okay,
so there are two other keywords, compliance and durability, that are important to understand as
well; I will cover them later in the video. Okay, so let's understand the phrase object storage,
because this is the key to understanding S3. Okay, regarding storage, we are more familiar with file
storage, which is a type of storage system used by operating systems. However, S3 is not a file
storage service; it is an object storage service. Okay, so this is a crucial concept to keep in mind.
Okay, so that being said, the question then is: what is object storage, or object-based storage?
Okay, in object storage, objects are the distinct units used to manage and manipulate data
storage, okay, or in simpler words, data storage is managed as objects. Okay, in object
storage there is no folder or hierarchy concept like we have in file storage systems. Instead, in
an object storage system everything is stored in a flat address space, which is called a
storage pool. Okay, in AWS this storage pool has a particular name, called a bucket. We will see
how to create a bucket in S3 later in this video when we upload an image. Okay, each object is
stored in a bucket, and there is a limit on the maximum size of an object which can be
stored in the bucket. Okay, the limit is five terabytes. What it means is that you cannot upload
an object larger than five terabytes to S3. Okay, each bucket gets a fully qualified domain name,
and you use the fully qualified domain name of a bucket to access objects in the bucket. Okay,
another important point about object storage is metadata. Metadata about objects is attached to the
stored objects, which is one of the reasons that we can do high-performance analytics on AWS. So
even though we don't have any idea about what the object contents are, because of the metadata
attached to the objects we can still query objects. Okay, another feature of an object storage system
is that object storage systems can be scaled out. This is the key reason S3 storage has
virtually unlimited scalability. Okay, the question then is: what is scale-out in a storage system?
Okay, there are two types of storage systems: classic scale-up storage, which most of us are familiar
with as it is used in file-based storage systems, and scale-out, which is closely related
to object storage systems. In a scale-up system, the storage scalability is limited by the maximum
number of disks that can be attached to the storage controllers. You cannot add more storage if the
machine has reached the limit of how many disks can be attached. Okay, on the other hand, with
scale-out systems you have a cluster of machines forming a storage address space, which is called a
storage pool, or a bucket in AWS terms. To increase the storage capacity, just add more machines,
which makes scale-out systems virtually unlimitedly scalable. Okay, so these object storage
characteristics, which are storing objects in a flat address space, metadata, and scale-out, are the
critical factors driving S3 features. Okay, this was a little bit longer, but I think understanding
object storage is important not only for S3 but also in general as a software engineer. Okay, so
let's go back to the
first line again, which we're trying to understand. Okay, in this line another keyword is
scalability. Since S3 is an object storage system and object storage systems have virtually unlimited
scalability, as we discussed earlier, that being the case S3 has theoretically virtually unlimited
scalability, which is sort of a logical conclusion. Okay, the next phrase is data availability. S3
replicates the data or content of an S3 bucket in a minimum of three Availability Zones within a
selected Region. Okay, since Availability Zones are physically separate, the replication onto the
additional Availability Zones helps increase the degree of availability if there is any device
failure or any facility issue at the data center of an Availability Zone. Okay, for instance, since
data are replicated on two additional AZs, data can be sustained even though data are lost
concurrently in two facilities. Okay, the next keyword is security. S3 provides many
security-related features. For instance, you can store data in an encrypted form using different
types of encryption mechanisms. We will cover S3 security in detail in the S3 lesson. Okay, the next
keyword is performance. In S3 you can store data in the Region nearest to your location; that way you
will have low latency, which leads to better performance. Okay, so in this paragraph another
S3-related keyword is mentioned, which is compliance. Okay, S3 has the feature of cross-Region
replication, which can be used to manage regulatory compliance or to keep a copy of data in case of a
Region failure. Okay, another keyword here
that I would like to bring your attention to is durability. Okay, S3 has eleven 9s of durability,
which means if you store 100 billion objects in S3, you will lose one object at most. Okay, so now
you've got the idea about what S3 is: it is an object storage service that offers scalability,
data availability, security, performance, and durability of eleven 9s. Okay, and you can manage
regulatory compliance as well using cross-Region replication. Okay, there are other sections
on this page, particularly the use cases section, which you can go through; you
will find them easier to understand now. I know it was a bit long and theoretical,
but I think this will help you to have a solid footing on S3. Okay, now let's move on to more
fun stuff, where we will create a bucket and upload an image to S3. Okay, so let's log into
the AWS Management Console and go to the S3 home page. Okay, I'm on the S3 homepage. The first is my
account name; you will see your account name here. Then the next placeholder is for the Region.
Since S3 is a global service, it doesn't show any specific Region; it says Global. Okay, now I'm on
this page to upload an image, but I don't see any option to upload the image. Okay, you can see,
right, I don't see any option to upload anything. Now here comes an interesting point, which is
related to the object storage concept we discussed earlier. Since S3 is an object-based storage
service, we need to create a storage pool to store objects. This storage pool is called a bucket in
AWS. Okay, that being said, we first need to create a bucket to upload the image, because currently
there is no bucket listed in my account. Okay, so click on the Create bucket button, and now I'm
on the Create bucket page. I need to enter a bucket name here. Let's talk about
the bucket name. A bucket name must be unique within a partition. Let me click on
this link to show you the bucket naming rules. Okay, and here is the important point: bucket names
must be unique within a partition. A partition is a grouping of Regions. AWS currently has three
partitions: AWS standard Regions, AWS China Regions, and AWS US Gov Regions. Okay, let's come back
to the Create bucket page. Let me give the bucket name. Usually it's a good technique to use a domain
name in the bucket name, which usually avoids the possibility of a name collision. Okay, next is the
AWS Region. This is where your actual data will be stored. Select the Region which is nearest to your
location to have low latency and good performance. Okay, your default Region will be displayed here,
and you can change it. Right, I will keep it as it is, as this is my nearest Region. Okay, next is
public access for this bucket. I will block all public access, as this is my private bucket; I don't
want the content of this bucket to be publicly accessible. If I was using this bucket to store my
website contents, then I would have unchecked this box, okay, meaning I would have allowed
public access. Next is bucket versioning. The Disable option is fine, but if you have a use case
where you would want previous versions to be retained to recover from unintended user actions,
then you would check the Enable radio button. Okay, the next option is about whether you would want
the content of this bucket to be encrypted. Okay, for me Disable is fine; I don't want
to encrypt the content of this bucket, as this bucket will have only images and encryption will
have extra overhead that impacts performance. Okay, next is advanced settings. This is about whether
you don't want objects in the bucket to get deleted. The Disable option is fine; I don't have
any regulatory-compliance sort of data in this bucket which I would like not to be
deleted. Okay, so the Disable option is fine, so that I can delete the content of this bucket if I
would like to. Okay, click on Create bucket. As you can see, the bucket has been created. Okay, and
if you select the bucket, you can see options to delete the bucket or empty the bucket. Okay, you
cannot delete a bucket if there is any object in the bucket. Okay, click on the bucket. Now I am on
the bucket page.
Let me click on the Upload button to upload an image which I have. Okay, now I'm on the Upload page.
Click on the Add files button to upload files, and this is the image I have, the AWS image. Okay, now
I will click on the Upload button. The upload succeeded. Let me click on the Close button. Select the
image. On this page, details about the image are displayed, for instance owner, AWS Region, size,
type, key, and S3 URI, which is a unique fully qualified domain name to access the image. For
instance, if you're writing code to access the image from your Java or Python code, you will use this
URI. Okay, next is the ARN, which is used to manage permissions on the object; for instance, the ARN
can be used in IAM to set access permissions on this object. Then the ETag, which is the MD5 checksum
of that file; the ETag is used to find out if the object has been modified. And this is the object
URL. If I click on this URL, the
image is not accessible because I have disabled public access on this bucket. Okay, however, if I
click on the Open button, I can see the uploaded image. The reason is that it is pre-signing the URL.
I will talk about pre-signing in the S3 lesson in detail. Okay, so this is the AWS image which I
uploaded. Okay, we'll look into S3 in more detail in the S3 lesson, but I think in the meantime you
have got a good high-level conceptual understanding of what S3 is, and you can create a
bucket and upload objects to the bucket. Okay.

Welcome back. AWS security and compliance is
another essential AWS foundational concept. As an AWS professional, it is crucial to have
a high-level understanding of how AWS handles security and compliance. AWS cloud security is
much like security in an on-premises data center. That being the context, first I will cover
how AWS handles security at a high level, and then I will cover at a high level how AWS
helps organizations when it comes to compliance of applications deployed on its platform. Okay,
so let's first start with AWS cloud security. How important is security for enterprise
applications? It doesn't matter whether organizations have their applications on premises
or on the cloud; security is extremely important for the deployed applications. So what is security
from an enterprise applications perspective? Let's first understand what security is in
more general terms. From an enterprise applications perspective, security, which is a core
non-functional requirement in most enterprise systems, protects against accidental leakage, theft,
integrity compromise, or deletion of valuable information assets. Okay, so how does AWS handle
security of enterprise applications deployed on its platform? In order to maintain
the trust and confidence of its customers, AWS has implemented comprehensive
security mechanisms or safeguards to keep customers' data safe. All data are stored
in highly secured AWS data centers. Continuing further on how AWS approaches
security: to provide peace of mind to its customers, AWS has built its data centers and
network architecture in such a way as to meet the requirements of the most
security-sensitive organizations. What it means: organizations can get their security
requirements met with much lower operational cost, if we compare the cost with how expensive it would
be if they were to meet those security requirements in their on-premises data centers. Right,
organizations would also inherit the best practices of AWS policies, architecture, and operational
processes, which are already built into the AWS core security infrastructure. That way AWS satisfies
the demands of the most security-sensitive organizations. How is the AWS infrastructure from
a security perspective? AWS infrastructure is designed from
the cloud architectural perspective with security best practices in mind. AWS shares
security responsibility with organizations, where AWS takes care of security of the underlying
infrastructure while organizations have to take care of the application security. This
is a very important point, actually. Okay, AWS uses a layered approach to security. It makes
sure that underlying systems are monitored for potential threats and protected around the
clock. Okay, AWS environments are continuously audited, with certifications from accreditation
bodies across geographies and verticals. Okay, what benefits does AWS security provide to
enterprise applications deployed on its platform? It keeps customers' data safe: the AWS
infrastructure puts strong safeguards in place to help protect your privacy, and all data is stored
in highly secured AWS data centers. It meets compliance requirements: AWS manages dozens of
compliance programs in its infrastructure. Another one is that it saves money: customers save money
as they would not have to manage on-premises security, as security would be managed in AWS data
centers. And it scales quickly: security scales with your AWS cloud usage; no matter the size of
your business, the AWS infrastructure is designed to keep your data safe. Okay, another important
foundational concept to understand is how AWS approaches compliance. Compliance requirements vary by
country or region. When applications are deployed on AWS, organizations have complete control and
ownership of their applications in that Region, so that they can set up their application to be
secure and governance-focused and to have applicable compliance and audit features. The following is
a partial list of assurance programs with which AWS complies. It complies with SOC 1, SOC 2, and SOC
3. Also, it complies with the Federal Information Security Management Act (FISMA), the Department of
Defense Information Assurance Certification and Accreditation Process (DIACAP), and the Federal Risk
and Authorization Management Program (FedRAMP). Also, it complies with the Payment Card Industry Data
Security Standard (PCI DSS) Level 1. Okay, finally, it complies with various ISO standards such as
9001, 27001, ISO 27017, and ISO 27018. Okay, that was the high-level overview of AWS security and
compliance, and I will add the AWS webpage URL for this topic. Okay.